[Users] socketpair exploit -- openvz is not vulnerable

Kir Kolyshkin kir at openvz.org
Fri Nov 26 10:42:33 EST 2010


A DoS exploit which leads to system unresponsiveness was published
yesterday. It works on most systems, luckily it doesn't work inside
OpenVZ containers...

Well, unless you don't set all the beancounters limits to 'unlimited'
(which is a very bad idea in the first place), so please check your
configuration. The limit which helps in this case is numothersock.

See more details in OpenVZ blog: http://blog.openvz.org/34694.html

Kir.


More information about the Users mailing list